>From 8f4ccd35c2fdbe9841316f81427e156998916d68 Mon Sep 17 00:00:00 2001 
From: Shawn Wells Date: Wed, 11 Sep 2013 21:28:38 -0400 Subject: [PATCH 12/22] Updated sysctl templates - Old sysctl XCCDF names varied from "set_sysctl," "disable_sysctl" to "sysctl_*", standardized on "sysctl_*" - This change ensures that all XCCDF, OVAL, and bash scripts are properly linked together --- RHEL6/input/auxiliary/stig_overlay.xml | 2 +- RHEL6/input/auxiliary/transition_notes.xml | 24 +++++++------- .../fixes/bash/set_sysctl_fs_suid_dumpable.sh | 16 --------- .../fixes/bash/set_sysctl_kernel_dmesg_restrict.sh | 16 --------- .../fixes/bash/set_sysctl_kernel_exec_shield.sh | 16 --------- .../bash/set_sysctl_kernel_randomize_va_space.sh | 16 --------- ...et_sysctl_net_ipv4_conf_all_accept_redirects.sh | 16 --------- ...sysctl_net_ipv4_conf_all_accept_source_route.sh | 16 --------- .../set_sysctl_net_ipv4_conf_all_log_martians.sh | 16 --------- .../bash/set_sysctl_net_ipv4_conf_all_rp_filter.sh | 16 --------- ...et_sysctl_net_ipv4_conf_all_secure_redirects.sh | 16 --------- .../set_sysctl_net_ipv4_conf_all_send_redirects.sh | 16 --------- ...ysctl_net_ipv4_conf_default_accept_redirects.sh | 16 --------- ...tl_net_ipv4_conf_default_accept_source_route.sh | 16 --------- .../set_sysctl_net_ipv4_conf_default_rp_filter.sh | 16 --------- ...ysctl_net_ipv4_conf_default_secure_redirects.sh | 16 --------- ..._sysctl_net_ipv4_conf_default_send_redirects.sh | 16 --------- ..._sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh | 16 --------- ...l_net_ipv4_icmp_ignore_bogus_error_responses.sh | 16 --------- .../fixes/bash/set_sysctl_net_ipv4_ip_forward.sh | 16 --------- .../bash/set_sysctl_net_ipv4_tcp_syncookies.sh | 16 --------- .../set_sysctl_net_ipv6_conf_default_accept_ra.sh | 16 --------- ...ysctl_net_ipv6_conf_default_accept_redirects.sh | 16 --------- RHEL6/input/fixes/bash/sysctl_fs_suid_dumpable.sh | 16 +++++++++ .../fixes/bash/sysctl_kernel_dmesg_restrict.sh | 16 +++++++++ .../input/fixes/bash/sysctl_kernel_exec_shield.sh | 16 +++++++++ 
.../fixes/bash/sysctl_kernel_randomize_va_space.sh | 16 +++++++++ .../sysctl_net_ipv4_conf_all_accept_redirects.sh | 16 +++++++++ ...sysctl_net_ipv4_conf_all_accept_source_route.sh | 16 +++++++++ .../bash/sysctl_net_ipv4_conf_all_log_martians.sh | 16 +++++++++ .../bash/sysctl_net_ipv4_conf_all_rp_filter.sh | 16 +++++++++ .../sysctl_net_ipv4_conf_all_secure_redirects.sh | 16 +++++++++ .../sysctl_net_ipv4_conf_all_send_redirects.sh | 16 +++++++++ ...ysctl_net_ipv4_conf_default_accept_redirects.sh | 16 +++++++++ ...tl_net_ipv4_conf_default_accept_source_route.sh | 16 +++++++++ .../bash/sysctl_net_ipv4_conf_default_rp_filter.sh | 16 +++++++++ ...ysctl_net_ipv4_conf_default_secure_redirects.sh | 16 +++++++++ .../sysctl_net_ipv4_conf_default_send_redirects.sh | 16 +++++++++ .../sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh | 16 +++++++++ ...l_net_ipv4_icmp_ignore_bogus_error_responses.sh | 16 +++++++++ .../input/fixes/bash/sysctl_net_ipv4_ip_forward.sh | 16 +++++++++ .../fixes/bash/sysctl_net_ipv4_tcp_syncookies.sh | 16 +++++++++ .../bash/sysctl_net_ipv6_conf_default_accept_ra.sh | 16 +++++++++ ...ysctl_net_ipv6_conf_default_accept_redirects.sh | 16 +++++++++ .../fixes/bash/templates/create_sysctl_bash.py | 2 +- RHEL6/input/profiles/CS2.xml | 34 ++++++++++---------- RHEL6/input/profiles/common.xml | 32 +++++++++--------- RHEL6/input/profiles/fisma-medium-rhel6-server.xml | 32 +++++++++--------- RHEL6/input/profiles/nist-CL-IL-AL.xml | 32 +++++++++--------- RHEL6/input/profiles/usgcb-rhel6-server.xml | 34 ++++++++++---------- RHEL6/input/system/network/ipv6.xml | 4 +- RHEL6/input/system/network/kernel.xml | 30 +++++++++--------- 52 files changed, 449 insertions(+), 449 deletions(-) delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_kernel_exec_shield.sh delete mode 100644 
RHEL6/input/fixes/bash/set_sysctl_kernel_randomize_va_space.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_source_route.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_log_martians.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_rp_filter.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_secure_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_send_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_source_route.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_rp_filter.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_secure_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_send_redirects.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_ip_forward.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv4_tcp_syncookies.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_ra.sh delete mode 100644 RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_fs_suid_dumpable.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_kernel_dmesg_restrict.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_kernel_exec_shield.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_kernel_randomize_va_space.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_redirects.sh create mode 100644 
RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_source_route.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_log_martians.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_rp_filter.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_secure_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_send_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_source_route.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_rp_filter.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_secure_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_send_redirects.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_ip_forward.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv4_tcp_syncookies.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_ra.sh create mode 100644 RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_redirects.sh diff --git a/RHEL6/input/auxiliary/stig_overlay.xml b/RHEL6/input/auxiliary/stig_overlay.xml index 3dd40c8..3a71a58 100644 --- a/RHEL6/input/auxiliary/stig_overlay.xml +++ b/RHEL6/input/auxiliary/stig_overlay.xml @@ -222,7 +222,7 @@ The system must ignore ICMPv4 bogus error responses. - + The system must be configured to use TCP syncookies when experiencing a TCP SYN flood. diff --git a/RHEL6/input/auxiliary/transition_notes.xml b/RHEL6/input/auxiliary/transition_notes.xml index d809272..d4d4cba 100644 --- a/RHEL6/input/auxiliary/transition_notes.xml +++ b/RHEL6/input/auxiliary/transition_notes.xml 
@@ -1495,9 +1495,9 @@ rule=enable_execshield manual=no Check does exist in the RHEL6 prose, it can be automated and the OVAL for it does exist. -rule=set_sysctl_net_ipv4_conf_all_accept_source_route manual=no +rule=sysctl_net_ipv4_conf_all_accept_source_route manual=no This check is split in the RHEL6 prose and addressed in the rule listed above -and the set_sysctl_net_ipv4_conf_default_accept_source_route rule +and the sysctl_net_ipv4_conf_default_accept_source_route rule @@ -1510,7 +1510,7 @@ Per V-12010 don't allow FTP. Lets get rid of these other random FTP rules. Check does exist in the RHEL6 prose, it can be automated and the OVAL for it does exist. -rule=disable_sysctl_ipv4_ip_forward manual=no +rule=sysctl_ipv4_ip_forward manual=no 
@@ -1592,38 +1592,38 @@ This is accomplished by whitelisting specific types of icmp traffic. Check does exist in the RHEL6 prose, it can be automated and OVAL for it does exist. -rule=set_sysctl_net_ipv4_icmp_echo_ignore_broadcasts manual=no +rule=sysctl_net_ipv4_icmp_echo_ignore_broadcasts manual=no V-22410 and V-22411 are the same. Check does exist in the RHEL6 prose, it can be automated and OVAL for it does exist. -rule=set_sysctl_net_ipv4_conf_all_accept_source_route manual=no +rule=sysctl_net_ipv4_conf_all_accept_source_route manual=no This check is split in the RHEL6 prose into the above and the -set_sysctl_net_ipv4_conf_default_accept_source_route rule. +sysctl_net_ipv4_conf_default_accept_source_route rule. Check does exist in the RHEL6 prose, it can be automated and OVAL for it does exist. -rule=set_sysctl_net_ipv4_conf_all_accept_redirects manual=no +rule=sysctl_net_ipv4_conf_all_accept_redirects manual=no This check is split in the RHEL6 prose into the above and the -set_sysctl_net_ipv4_conf_default_accept_redirects rule. +sysctl_net_ipv4_conf_default_accept_redirects rule. Check does exist in the RHEL6 prose, it can be automated and OVAL for it does exist. -rule=disable_sysctl_ipv4_all_send_redirects manual=no +rule=sysctl_ipv4_all_send_redirects manual=no This check is split in the RHEL6 prose into the above and the -disable_sysctl_ipv4_default_send_redirects rule. +sysctl_net_ipv4_conf_default_send_redirects rule. Partial check does exist in the RHEL6 prose, it can be automated and partial OVAL for it does exist. -rule=set_sysctl_net_ipv4_conf_all_log_martians manual=no +rule=sysctl_net_ipv4_conf_all_log_martians manual=no This check is split in the RHEL6 prose into the above but no equivalent rule exists for "default." @@ -1631,7 +1631,7 @@ exists for "default." Check does exist in the RHEL6 prose, it can be automated and OVAL for it does exist. -rule=set_sysctl_net_ipv4_tcp_syncookies manual=no +rule=sysctl_net_ipv4_tcp_syncookies manual=no 
diff --git a/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh b/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh
deleted file mode 100644
index 640fff2..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for fs.suid_dumpable
-#
-sysctl -q -n -w fs.suid_dumpable=0
-
-#
-# If fs.suid_dumpable present in /etc/sysctl.conf, change value to "0"
-# else, add "fs.suid_dumpable = 0" to /etc/sysctl.conf
-#
-if grep --silent ^fs.suid_dumpable /etc/sysctl.conf ; then
- sed -i 's/^fs.suid_dumpable.*/fs.suid_dumpable = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set fs.suid_dumpable to 0 per security requirements" >> /etc/sysctl.conf
- echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh b/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh
deleted file mode 100644
index 7420664..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_kernel_dmesg_restrict.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for kernel.dmesg_restrict
-#
-sysctl -q -n -w kernel.dmesg_restrict=1
-
-#
-# If kernel.dmesg_restrict present in /etc/sysctl.conf, change value to "1"
-# else, add "kernel.dmesg_restrict = 1" to /etc/sysctl.conf
-#
-if grep --silent ^kernel.dmesg_restrict /etc/sysctl.conf ; then
- sed -i 's/^kernel.dmesg_restrict.*/kernel.dmesg_restrict = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set kernel.dmesg_restrict to 1 per security requirements" >> /etc/sysctl.conf
- echo "kernel.dmesg_restrict = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_kernel_exec_shield.sh b/RHEL6/input/fixes/bash/set_sysctl_kernel_exec_shield.sh
deleted file mode 100644
index 66142d7..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_kernel_exec_shield.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for kernel.exec-shield
-#
-sysctl -q -n -w kernel.exec-shield=1
-
-#
-# If kernel.exec-shield present in /etc/sysctl.conf, change value to "1"
-# else, add "kernel.exec-shield = 1" to /etc/sysctl.conf
-#
-if grep --silent ^kernel.exec-shield /etc/sysctl.conf ; then
- sed -i 's/^kernel.exec-shield.*/kernel.exec-shield = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set kernel.exec-shield to 1 per security requirements" >> /etc/sysctl.conf
- echo "kernel.exec-shield = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_kernel_randomize_va_space.sh b/RHEL6/input/fixes/bash/set_sysctl_kernel_randomize_va_space.sh
deleted file mode 100644
index 9e600c0..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_kernel_randomize_va_space.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for kernel.randomize_va_space
-#
-sysctl -q -n -w kernel.randomize_va_space=2
-
-#
-# If kernel.randomize_va_space present in /etc/sysctl.conf, change value to "2"
-# else, add "kernel.randomize_va_space = 2" to /etc/sysctl.conf
-#
-if grep --silent ^kernel.randomize_va_space /etc/sysctl.conf ; then
- sed -i 's/^kernel.randomize_va_space.*/kernel.randomize_va_space = 2/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set kernel.randomize_va_space to 2 per security requirements" >> /etc/sysctl.conf
- echo "kernel.randomize_va_space = 2" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_redirects.sh
deleted file mode 100644
index 2fad04e..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.accept_redirects
-#
-sysctl -q -n -w net.ipv4.conf.all.accept_redirects=0
-
-#
-# If net.ipv4.conf.all.accept_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.all.accept_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.accept_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.accept_redirects.*/net.ipv4.conf.all.accept_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_source_route.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_source_route.sh
deleted file mode 100644
index 54a9746..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_accept_source_route.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.accept_source_route
-#
-sysctl -q -n -w net.ipv4.conf.all.accept_source_route=0
-
-#
-# If net.ipv4.conf.all.accept_source_route present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.all.accept_source_route = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.accept_source_route /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.accept_source_route.*/net.ipv4.conf.all.accept_source_route = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.accept_source_route to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_log_martians.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_log_martians.sh
deleted file mode 100644
index 9388226..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_log_martians.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.log_martians
-#
-sysctl -q -n -w net.ipv4.conf.all.log_martians=1
-
-#
-# If net.ipv4.conf.all.log_martians present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.conf.all.log_martians = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.log_martians /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.log_martians.*/net.ipv4.conf.all.log_martians = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.log_martians to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_rp_filter.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_rp_filter.sh
deleted file mode 100644
index 81eb072..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_rp_filter.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.rp_filter
-#
-sysctl -q -n -w net.ipv4.conf.all.rp_filter=1
-
-#
-# If net.ipv4.conf.all.rp_filter present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.conf.all.rp_filter = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.rp_filter /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.rp_filter.*/net.ipv4.conf.all.rp_filter = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.rp_filter to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_secure_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_secure_redirects.sh
deleted file mode 100644
index 002d19f..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_secure_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.secure_redirects
-#
-sysctl -q -n -w net.ipv4.conf.all.secure_redirects=0
-
-#
-# If net.ipv4.conf.all.secure_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.all.secure_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.secure_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.secure_redirects.*/net.ipv4.conf.all.secure_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.secure_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_send_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_send_redirects.sh
deleted file mode 100644
index 842dbcb..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_all_send_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.all.send_redirects
-#
-sysctl -q -n -w net.ipv4.conf.all.send_redirects=0
-
-#
-# If net.ipv4.conf.all.send_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.all.send_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.all.send_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.all.send_redirects.*/net.ipv4.conf.all.send_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.all.send_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_redirects.sh
deleted file mode 100644
index a1403b5..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.default.accept_redirects
-#
-sysctl -q -n -w net.ipv4.conf.default.accept_redirects=0
-
-#
-# If net.ipv4.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.default.accept_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.default.accept_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.default.accept_redirects.*/net.ipv4.conf.default.accept_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.default.accept_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_source_route.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_source_route.sh
deleted file mode 100644
index 0bb5b0f..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_accept_source_route.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.default.accept_source_route
-#
-sysctl -q -n -w net.ipv4.conf.default.accept_source_route=0
-
-#
-# If net.ipv4.conf.default.accept_source_route present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.default.accept_source_route = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.default.accept_source_route /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.default.accept_source_route.*/net.ipv4.conf.default.accept_source_route = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.default.accept_source_route to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_rp_filter.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_rp_filter.sh
deleted file mode 100644
index 89795c4..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_rp_filter.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.default.rp_filter
-#
-sysctl -q -n -w net.ipv4.conf.default.rp_filter=1
-
-#
-# If net.ipv4.conf.default.rp_filter present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.conf.default.rp_filter = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.default.rp_filter /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.default.rp_filter.*/net.ipv4.conf.default.rp_filter = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.default.rp_filter to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_secure_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_secure_redirects.sh
deleted file mode 100644
index 2230dc5..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_secure_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.default.secure_redirects
-#
-sysctl -q -n -w net.ipv4.conf.default.secure_redirects=0
-
-#
-# If net.ipv4.conf.default.secure_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.default.secure_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.default.secure_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.default.secure_redirects.*/net.ipv4.conf.default.secure_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.default.secure_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_send_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_send_redirects.sh
deleted file mode 100644
index 6009c0d..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_conf_default_send_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.conf.default.send_redirects
-#
-sysctl -q -n -w net.ipv4.conf.default.send_redirects=0
-
-#
-# If net.ipv4.conf.default.send_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.conf.default.send_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.conf.default.send_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.conf.default.send_redirects.*/net.ipv4.conf.default.send_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.conf.default.send_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh
deleted file mode 100644
index 2d737fa..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.icmp_echo_ignore_broadcasts
-#
-sysctl -q -n -w net.ipv4.icmp_echo_ignore_broadcasts=1
-
-#
-# If net.ipv4.icmp_echo_ignore_broadcasts present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.icmp_echo_ignore_broadcasts = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.icmp_echo_ignore_broadcasts.*/net.ipv4.icmp_echo_ignore_broadcasts = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.icmp_echo_ignore_broadcasts to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh
deleted file mode 100644
index 6cb96fa..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.icmp_ignore_bogus_error_responses
-#
-sysctl -q -n -w net.ipv4.icmp_ignore_bogus_error_responses=1
-
-#
-# If net.ipv4.icmp_ignore_bogus_error_responses present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.icmp_ignore_bogus_error_responses = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.icmp_ignore_bogus_error_responses /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.icmp_ignore_bogus_error_responses.*/net.ipv4.icmp_ignore_bogus_error_responses = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.icmp_ignore_bogus_error_responses to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_ip_forward.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_ip_forward.sh
deleted file mode 100644
index 3292a63..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_ip_forward.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.ip_forward
-#
-sysctl -q -n -w net.ipv4.ip_forward=0
-
-#
-# If net.ipv4.ip_forward present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv4.ip_forward = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.ip_forward /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.ip_forward to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_tcp_syncookies.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_tcp_syncookies.sh
deleted file mode 100644
index 456870c..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv4_tcp_syncookies.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv4.tcp_syncookies
-#
-sysctl -q -n -w net.ipv4.tcp_syncookies=1
-
-#
-# If net.ipv4.tcp_syncookies present in /etc/sysctl.conf, change value to "1"
-# else, add "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv4.tcp_syncookies /etc/sysctl.conf ; then
- sed -i 's/^net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv4.tcp_syncookies to 1 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_ra.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_ra.sh
deleted file mode 100644
index be879c2..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_ra.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv6.conf.default.accept_ra
-#
-sysctl -q -n -w net.ipv6.conf.default.accept_ra=0
-
-#
-# If net.ipv6.conf.default.accept_ra present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv6.conf.default.accept_ra = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv6.conf.default.accept_ra /etc/sysctl.conf ; then
- sed -i 's/^net.ipv6.conf.default.accept_ra.*/net.ipv6.conf.default.accept_ra = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv6.conf.default.accept_ra to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_redirects.sh b/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_redirects.sh
deleted file mode 100644
index 5dadfbe..0000000
--- a/RHEL6/input/fixes/bash/set_sysctl_net_ipv6_conf_default_accept_redirects.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Set runtime for net.ipv6.conf.default.accept_redirects
-#
-sysctl -q -n -w net.ipv6.conf.default.accept_redirects=0
-
-#
-# If net.ipv6.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0"
-# else, add "net.ipv6.conf.default.accept_redirects = 0" to /etc/sysctl.conf
-#
-if grep --silent ^net.ipv6.conf.default.accept_redirects /etc/sysctl.conf ; then
- sed -i 's/^net.ipv6.conf.default.accept_redirects.*/net.ipv6.conf.default.accept_redirects = 0/g' /etc/sysctl.conf
-else
- echo "" >> /etc/sysctl.conf
- echo "# Set net.ipv6.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
- echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf
-fi
diff --git a/RHEL6/input/fixes/bash/sysctl_fs_suid_dumpable.sh b/RHEL6/input/fixes/bash/sysctl_fs_suid_dumpable.sh
new file mode 100644
index 0000000..640fff2
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_fs_suid_dumpable.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for fs.suid_dumpable
+#
+sysctl -q -n -w fs.suid_dumpable=0
+
+#
+# If fs.suid_dumpable present in /etc/sysctl.conf, change value to "0"
+# else, add "fs.suid_dumpable = 0" to /etc/sysctl.conf
+#
+if grep --silent ^fs.suid_dumpable /etc/sysctl.conf ; then
+ sed -i 's/^fs.suid_dumpable.*/fs.suid_dumpable = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set fs.suid_dumpable to 0 per security requirements" >> /etc/sysctl.conf
+ echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_kernel_dmesg_restrict.sh b/RHEL6/input/fixes/bash/sysctl_kernel_dmesg_restrict.sh
new file mode 100644
index 0000000..7420664
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_kernel_dmesg_restrict.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for kernel.dmesg_restrict
+#
+sysctl -q -n -w kernel.dmesg_restrict=1
+
+#
+# If kernel.dmesg_restrict present in /etc/sysctl.conf, change value to "1"
+# else, add "kernel.dmesg_restrict = 1" to /etc/sysctl.conf
+#
+if grep --silent ^kernel.dmesg_restrict /etc/sysctl.conf ; then
+ sed -i 's/^kernel.dmesg_restrict.*/kernel.dmesg_restrict = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set kernel.dmesg_restrict to 1 per security requirements" >> /etc/sysctl.conf
+ echo "kernel.dmesg_restrict = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_kernel_exec_shield.sh b/RHEL6/input/fixes/bash/sysctl_kernel_exec_shield.sh
new file mode 100644
index 0000000..66142d7
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_kernel_exec_shield.sh
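Review bot: On the `if grep --silent ^fs.suid_dumpable /etc/sysctl.conf ; then` and `sed -i 's/^fs.suid_dumpable.*/fs.suid_dumpable = 0/g' /etc/sysctl.conf` lines the sysctl key is passed as a regular expression, so each `.` matches any character and the match is wider than the literal key the comment above describes; no other key in this patch collides in practice, but a remediation that rewrites /etc/sysctl.conf should match literally. Escaping the dots keeps the intent explicit, e.g. `if grep -q '^fs\.suid_dumpable' /etc/sysctl.conf ; then` and `sed -i 's/^fs\.suid_dumpable.*/fs.suid_dumpable = 0/g' /etc/sysctl.conf`. The same two lines recur in every other new sysctl_*.sh hunk in this patch, and since the diffstat also touches RHEL6/input/fixes/bash/templates/create_sysctl_bash.py (outside this chunk), these scripts are presumably generated from it, in which case the correction belongs in the template so it survives the next regeneration.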
@@ -0,0 +1,16 @@
+#
+# Set runtime for kernel.exec-shield
+#
+sysctl -q -n -w kernel.exec-shield=1
+
+#
+# If kernel.exec-shield present in /etc/sysctl.conf, change value to "1"
+# else, add "kernel.exec-shield = 1" to /etc/sysctl.conf
+#
+if grep --silent ^kernel.exec-shield /etc/sysctl.conf ; then
+ sed -i 's/^kernel.exec-shield.*/kernel.exec-shield = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set kernel.exec-shield to 1 per security requirements" >> /etc/sysctl.conf
+ echo "kernel.exec-shield = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_kernel_randomize_va_space.sh b/RHEL6/input/fixes/bash/sysctl_kernel_randomize_va_space.sh
new file mode 100644
index 0000000..9e600c0
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_kernel_randomize_va_space.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for kernel.randomize_va_space
+#
+sysctl -q -n -w kernel.randomize_va_space=2
+
+#
+# If kernel.randomize_va_space present in /etc/sysctl.conf, change value to "2"
+# else, add "kernel.randomize_va_space = 2" to /etc/sysctl.conf
+#
+if grep --silent ^kernel.randomize_va_space /etc/sysctl.conf ; then
+ sed -i 's/^kernel.randomize_va_space.*/kernel.randomize_va_space = 2/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set kernel.randomize_va_space to 2 per security requirements" >> /etc/sysctl.conf
+ echo "kernel.randomize_va_space = 2" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_redirects.sh
new file mode 100644
index 0000000..2fad04e
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.accept_redirects
+#
+sysctl -q -n -w net.ipv4.conf.all.accept_redirects=0
+
+#
+# If net.ipv4.conf.all.accept_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.all.accept_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.accept_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.accept_redirects.*/net.ipv4.conf.all.accept_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_source_route.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_source_route.sh
new file mode 100644
index 0000000..54a9746
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_accept_source_route.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.accept_source_route
+#
+sysctl -q -n -w net.ipv4.conf.all.accept_source_route=0
+
+#
+# If net.ipv4.conf.all.accept_source_route present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.all.accept_source_route = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.accept_source_route /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.accept_source_route.*/net.ipv4.conf.all.accept_source_route = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.accept_source_route to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_log_martians.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_log_martians.sh
new file mode 100644
index 0000000..9388226
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_log_martians.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.log_martians
+#
+sysctl -q -n -w net.ipv4.conf.all.log_martians=1
+
+#
+# If net.ipv4.conf.all.log_martians present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.conf.all.log_martians = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.log_martians /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.log_martians.*/net.ipv4.conf.all.log_martians = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.log_martians to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_rp_filter.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_rp_filter.sh
new file mode 100644
index 0000000..81eb072
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_rp_filter.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.rp_filter
+#
+sysctl -q -n -w net.ipv4.conf.all.rp_filter=1
+
+#
+# If net.ipv4.conf.all.rp_filter present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.conf.all.rp_filter = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.rp_filter /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.rp_filter.*/net.ipv4.conf.all.rp_filter = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.rp_filter to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_secure_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_secure_redirects.sh
new file mode 100644
index 0000000..002d19f
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_secure_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.secure_redirects
+#
+sysctl -q -n -w net.ipv4.conf.all.secure_redirects=0
+
+#
+# If net.ipv4.conf.all.secure_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.all.secure_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.secure_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.secure_redirects.*/net.ipv4.conf.all.secure_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.secure_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_send_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_send_redirects.sh
new file mode 100644
index 0000000..842dbcb
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_all_send_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.all.send_redirects
+#
+sysctl -q -n -w net.ipv4.conf.all.send_redirects=0
+
+#
+# If net.ipv4.conf.all.send_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.all.send_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.all.send_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.all.send_redirects.*/net.ipv4.conf.all.send_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.all.send_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_redirects.sh
new file mode 100644
index 0000000..a1403b5
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.default.accept_redirects
+#
+sysctl -q -n -w net.ipv4.conf.default.accept_redirects=0
+
+#
+# If net.ipv4.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.default.accept_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.default.accept_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.default.accept_redirects.*/net.ipv4.conf.default.accept_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.default.accept_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_source_route.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_source_route.sh
new file mode 100644
index 0000000..0bb5b0f
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_accept_source_route.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.default.accept_source_route
+#
+sysctl -q -n -w net.ipv4.conf.default.accept_source_route=0
+
+#
+# If net.ipv4.conf.default.accept_source_route present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.default.accept_source_route = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.default.accept_source_route /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.default.accept_source_route.*/net.ipv4.conf.default.accept_source_route = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.default.accept_source_route to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_rp_filter.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_rp_filter.sh
new file mode 100644
index 0000000..89795c4
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_rp_filter.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.default.rp_filter
+#
+sysctl -q -n -w net.ipv4.conf.default.rp_filter=1
+
+#
+# If net.ipv4.conf.default.rp_filter present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.conf.default.rp_filter = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.default.rp_filter /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.default.rp_filter.*/net.ipv4.conf.default.rp_filter = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.default.rp_filter to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_secure_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_secure_redirects.sh
new file mode 100644
index 0000000..2230dc5
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_secure_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.default.secure_redirects
+#
+sysctl -q -n -w net.ipv4.conf.default.secure_redirects=0
+
+#
+# If net.ipv4.conf.default.secure_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.default.secure_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.default.secure_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.default.secure_redirects.*/net.ipv4.conf.default.secure_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.default.secure_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_send_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_send_redirects.sh
new file mode 100644
index 0000000..6009c0d
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_conf_default_send_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.conf.default.send_redirects
+#
+sysctl -q -n -w net.ipv4.conf.default.send_redirects=0
+
+#
+# If net.ipv4.conf.default.send_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.conf.default.send_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.conf.default.send_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.conf.default.send_redirects.*/net.ipv4.conf.default.send_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.conf.default.send_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh
new file mode 100644
index 0000000..2d737fa
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.icmp_echo_ignore_broadcasts
+#
+sysctl -q -n -w net.ipv4.icmp_echo_ignore_broadcasts=1
+
+#
+# If net.ipv4.icmp_echo_ignore_broadcasts present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.icmp_echo_ignore_broadcasts = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.icmp_echo_ignore_broadcasts.*/net.ipv4.icmp_echo_ignore_broadcasts = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.icmp_echo_ignore_broadcasts to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh
new file mode 100644
index 0000000..6cb96fa
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.icmp_ignore_bogus_error_responses
+#
+sysctl -q -n -w net.ipv4.icmp_ignore_bogus_error_responses=1
+
+#
+# If net.ipv4.icmp_ignore_bogus_error_responses present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.icmp_ignore_bogus_error_responses = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.icmp_ignore_bogus_error_responses /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.icmp_ignore_bogus_error_responses.*/net.ipv4.icmp_ignore_bogus_error_responses = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.icmp_ignore_bogus_error_responses to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_ip_forward.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_ip_forward.sh
new file mode 100644
index 0000000..3292a63
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_ip_forward.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.ip_forward
+#
+sysctl -q -n -w net.ipv4.ip_forward=0
+
+#
+# If net.ipv4.ip_forward present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv4.ip_forward = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.ip_forward /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.ip_forward to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv4_tcp_syncookies.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv4_tcp_syncookies.sh
new file mode 100644
index 0000000..456870c
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv4_tcp_syncookies.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv4.tcp_syncookies
+#
+sysctl -q -n -w net.ipv4.tcp_syncookies=1
+
+#
+# If net.ipv4.tcp_syncookies present in /etc/sysctl.conf, change value to "1"
+# else, add "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv4.tcp_syncookies /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv4.tcp_syncookies.*/net.ipv4.tcp_syncookies = 1/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv4.tcp_syncookies to 1 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_ra.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_ra.sh
new file mode 100644
index 0000000..be879c2
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_ra.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv6.conf.default.accept_ra
+#
+sysctl -q -n -w net.ipv6.conf.default.accept_ra=0
+
+#
+# If net.ipv6.conf.default.accept_ra present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv6.conf.default.accept_ra = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv6.conf.default.accept_ra /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv6.conf.default.accept_ra.*/net.ipv6.conf.default.accept_ra = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv6.conf.default.accept_ra to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv6.conf.default.accept_ra = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_redirects.sh b/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_redirects.sh
new file mode 100644
index 0000000..5dadfbe
--- /dev/null
+++ b/RHEL6/input/fixes/bash/sysctl_net_ipv6_conf_default_accept_redirects.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for net.ipv6.conf.default.accept_redirects
+#
+sysctl -q -n -w net.ipv6.conf.default.accept_redirects=0
+
+#
+# If net.ipv6.conf.default.accept_redirects present in /etc/sysctl.conf, change value to "0"
+# else, add "net.ipv6.conf.default.accept_redirects = 0" to /etc/sysctl.conf
+#
+if grep --silent ^net.ipv6.conf.default.accept_redirects /etc/sysctl.conf ; then
+ sed -i 's/^net.ipv6.conf.default.accept_redirects.*/net.ipv6.conf.default.accept_redirects = 0/g' /etc/sysctl.conf
+else
+ echo "" >> /etc/sysctl.conf
+ echo "# Set net.ipv6.conf.default.accept_redirects to 0 per security requirements" >> /etc/sysctl.conf
+ echo "net.ipv6.conf.default.accept_redirects = 0" >> /etc/sysctl.conf
+fi
diff --git a/RHEL6/input/fixes/bash/templates/create_sysctl_bash.py b/RHEL6/input/fixes/bash/templates/create_sysctl_bash.py
index 6eae9ae..4d42ed3 100755
--- a/RHEL6/input/fixes/bash/templates/create_sysctl_bash.py
+++ b/RHEL6/input/fixes/bash/templates/create_sysctl_bash.py
@@ -14,7 +14,7 @@ def output_checkfile(serviceinfo):
 filestring = filestring.replace("SYSCTLVAR", sysctl_var)
 filestring = filestring.replace("SYSCTLVAL", sysctl_val)
 # write the check
- with open("./output/set_sysctl_" + sysctl_var_id + ".sh", 'wb+') as outputfile:
+ with open("./output/sysctl_" + sysctl_var_id + ".sh", 'wb+') as outputfile:
 outputfile.write(filestring)
 outputfile.close()
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 5d6e5dd..38b8c77 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
@@ -194,21 +194,21 @@ - - - - - - - - + + + + + + +
@@ -217,8 +217,8 @@ - + - - - - - - - + + + + + + + + - - - - - + + + +
@@ -137,7 +137,7 @@ -
diff --git a/RHEL6/input/profiles/nist-CL-IL-AL.xml b/RHEL6/input/profiles/nist-CL-IL-AL.xml
index f16cc68..5ab5bb6 100644
--- a/RHEL6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL6/input/profiles/nist-CL-IL-AL.xml @@ -117,13 +117,13 @@ assurance." - - - + + + + - - + @@ -312,12 +312,12 @@ assurance." - - - + + + diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml b/RHEL6/input/profiles/usgcb-rhel6-server.xml index 2ffad57..e4deed8 100644 --- a/RHEL6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml @@ -117,41 +117,41 @@ - + + + + + + + + + + + + + + - +